ITSPmagazine

The True Costs (Yes, Plural) Of Ransomware May Not Be So Obvious | Redefining Security With Allie Mellen And Tyler Hudak

Episode Summary

Sure, there is the cost of paying the ransom — if that is even a legal option — and then, maybe you get your data back. But what if it came with some added surprise? Or you can opt for the cost of losing data, systems, and revenue if you don't have a recovery plan. Easy, no? No. There's much more to this story.

Episode Notes

The truth of the matter is that dealing with a ransomware event is far from simple. It potentially involves many people and firms (some of them very expensive), and it sure is not something that you can deal with over the weekend and keep rolling with business-as-usual on Monday morning.

More often than not, many teams need to be brought in — internal and external — to negotiate, translate, communicate, remediate, and the list goes on and on, and with each item comes an expense. Some are tangible "easy-to-tally" figures, but some are much more subtle and yet still have a heavy impact on the business.

Depending on how the situation is handled, this can also significantly impact how customers and partners perceive the company's ability to be honest and have integrity during a time of crisis. This can go beyond the reputational damage of being compromised to a place where real trust issues can creep in, potentially following the company.

The list of costs connected with ransomware is long. So long that after we discussed them all, we had to come up with a way to prioritize some and reveal the top three.

Any idea what those might be?

Guests
Allie Mellen, Analyst Covering Security and Risk at Forrester Research (@hackerxbella on Twitter)

Tyler Hudak, Practice Lead, Incident Response at TrustedSec (@secshoggoth on Twitter)

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

Semperis: https://itspm.ag/semperis-1roo

Resources
Inspiring Twitter thread:
https://twitter.com/secshoggoth/status/1389645581325320204

Ransomware: Survive by Outrunning the Guy Next to You:
https://go.forrester.com/blogs/ransomware-survive-by-outrunning-the-guy-next-to-you/

Podcast: Understanding Response Risk Relative to Ransomware and DoT Guidelines | Don’t Pay, Can’t Pay, What Next | A Conversation With Dr. Catherine Lotrionte, Adam Hickey, And Stewart Baker: https://itsprad.io/cyber-society-412

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security
